Box API - UpdateInfo - returns 403

SOLVED
Go to solution
Highlighted
Occasional Contributor

Box API - UpdateInfo - returns 403

I have a developer account and a custom app. I am trying to test the updateInfo to update the filename and description but I get a 403. I have also tried reauthorizing the app.

 

Error description: The request requires higher privileges than provided by the access token

 

BoxAPIConnection api = new BoxAPIConnection(DEVELOPER_TOKEN);
BoxFile file = new BoxFile(api, document.getDocUID());
BoxFile.Info info = file.new Info();
info.setName(document.getName());
info.setDescription(document.getDescription());
file.updateInfo(info);

 

When I use the 

7 REPLIES 7
Highlighted
Box Employee

Re: Box API - UpdateInfo - returns 403

Hi @vmali,

 

It looks like some of your question was cut off after the sample, so I'll do my best to provide guidance with what's available. 

 

It looks like you're using the developer token in your calls, rather than the application access token. Depending on the user that you're trying to access, this might be the cause of the problem. 

 

Since you're reauthorizing the app, I'm assuming that you're using JWT auth. The first thing that I'd recommend is to generate a proper access token for the application using this method, then try again.

Highlighted
Occasional Contributor

Re: Box API - UpdateInfo - returns 403

Thanks @jcleblanc

 

I am using the Access token method (as Dev token) and no JWT. I am able to perform other operations on the file - Download, upload file, create/update metadata etc. When I try the put for File update it fails with 403. This is confusing too. 

 

Highlighted
Box Employee

Re: Box API - UpdateInfo - returns 403

Hi @vmali,

 

These are a few of the options I can provide, given the info:

  1. Make sure to select the appropriate scopes in your application, then revoke your current developer token and reissue it. I'd recommend just setting all of the scopes on at first, then whittle them down, to see if the scopes are the problem.
  2. Make sure that the file you're accessing is owned by the developer account (your account). The developer token will only be scoped for that account.
  3. If that fails, switch to using the standard JWT auth method. Developer tokens are only supposed to be used for simple testing as they expire after an hour and have to be manually refreshed from the console. JWT auth (or even OAuth 2 if you want to go down that route) should overcome this hurdle.

- Jon

Highlighted
Occasional Contributor

Re: Box API - UpdateInfo - returns 403

Thanks @jcleblanc!

 

Apologies, I am not using the Dev token but the app token. https://developer.box.com/guides/authentication/app-token/

 

Here is my response to below points. 

 

  1. Make sure to select the appropriate scopes in your application, then revoke your current developer token and reissue it. I'd recommend just setting all of the scopes on at first, then whittle them down, to see if the scopes are the problem.
    1. VM: Where do you set the scopes for an Access token. I read this somewhere but with current configuration which Auth type of Access Token I dont see this scope setting anywhere. 
  2. Make sure that the file you're accessing is owned by the developer account (your account). The developer token will only be scoped for that account.
    1. VM: The file was uploaded by the same account using the Box api and the auth token. The issue is just with this Put operation that leads to 403. 
  3. If that fails, switch to using the standard JWT auth method. Developer tokens are only supposed to be used for simple testing as they expire after an hour and have to be manually refreshed from the console. JWT auth (or even OAuth 2 if you want to go down that route) should overcome this hurdle.
    1. VM: As per the configuration the Access token expires in 30 days. Expiry is shown on the Configuration page of the custom app. 

Please advise. 

 

-Vishal

Highlighted
Box Employee

Re: Box API - UpdateInfo - returns 403

Hi @vmali,

 

Ohhhh, ok I think I know what's going on. App token auth has a very restrictive number of endpoints that it works with, listed here. It's present to support a legacy system that was added into Box, which later became Box View. With that said, updating a file will not work with app token auth.

 

If you need the functionality of endpoints that are not on that list, then the only alternative here is that you'll need to switch to another auth method, either JWT or standard OAuth 2.

 

- Jon

Occasional Contributor

Re: Box API - UpdateInfo - returns 403

Great, at least we know the issue. 

 

That's interesting as I am able to also perform other operation like create/update metadata on the file that I uploaded. Can you please confirm if the link is up-to-date?

 

Highlighted
Box Employee

Re: Box API - UpdateInfo - returns 403

Hi @vmali,

 

It's entirely possible that there may be a discrepancy in the docs. I've gone ahead and filed an internal ticket for us to test our public endpoints with an app token to ensure that we can get an accurate assessment of the viable endpoints, and document them as such.

 

Thanks,

Jon